Privacy Policy
Last updated: 30 May 2026
Who we are
StompLab is a web application for managing guitar pedal builds and components. The data controller for personal data collected through StompLab is StompLab. If you have any questions about this policy or your data, contact us at hello@stomplab.net.
What data we collect
We collect the minimum data necessary to provide the service:
- Account information: your name and email address when you register.
- Account status: your role (member or admin), and whether your account has been suspended, including the date suspension was applied.
- Content you create: project builds, component stash entries, and any other data you add to the application.
- Billing data: if you subscribe to StompLab Pro, we store your Stripe customer ID and subscription status. Your payment details (card number, expiry, CVV, and card type) are held exclusively by Stripe and are never transmitted to or stored on our servers.
- Usage data: page views and interaction data via Google Analytics, only if you consent (see below).
We do not collect location data or any sensitive personal data.
How we use your data
- To create and maintain your account.
- To provide the features of StompLab (projects, stash, builds).
- To process and manage your Pro subscription, including handling payments, renewals, and cancellations via Stripe.
- To send transactional emails such as email verification, password reset, and payment-related notifications (e.g. failed payment alerts requiring action). We do not send marketing emails.
- To keep the site secure and prevent abuse, including suspending accounts that violate our Terms of Use.
- To allow administrators to manage user accounts, including viewing and updating account details such as name, email, role, and account status.
Legal basis for processing
We process your personal data under the following legal bases:
- Contract: processing your name, email, and billing data is necessary to provide the service you signed up for, including fulfilling a paid subscription.
- Consent: analytics cookies (Google Analytics) are only set with your explicit consent.
- Legitimate interests: security and fraud prevention.
Analytics
With your consent, we use Google Analytics 4 (provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to understand how visitors use the site. Google Analytics collects information about your visit such as pages viewed, time spent, and referral source using cookies.
The legal basis for this processing is your consent (Article 6(1)(a) GDPR), which you give by clicking "Accept all" on the cookie banner. You can withdraw consent at any time by clearing your cookies and choosing "Essential only" on the banner.
Data collected by Google Analytics may be transferred to and processed in the United States. This transfer is covered by Google's data processing terms and Standard Contractual Clauses. See Google's privacy policy for full details.
Cookies
Strictly necessary cookies are used for authentication and security. Analytics cookies (Google Analytics) are only set with your consent. We do not use advertising or profiling cookies. Full details are in our Cookie Policy.
Data sharing
We do not sell, rent, or share your personal data with third parties for their own purposes. We use the following sub-processors to operate the service:
- Stripe: payment processing. If you subscribe to StompLab Pro, your name, email address, and payment details are shared with Stripe, Inc. (USA) to process your subscription. Stripe acts as an independent data controller for payment data. Data transfers to the USA are covered by Stripe's Standard Contractual Clauses. See Stripe's privacy policy.
- Google Analytics: usage statistics (only if you consent). Google Ireland Limited acts as a data processor on our behalf.
- Sentry: server-side error monitoring. We use Sentry (Functional Software, Inc., USA) to track application errors. Error reports do not include your name, email, or other identifying information. Data transfers to the USA are covered by Sentry's Standard Contractual Clauses. See Sentry's privacy policy.
- Gravatar: if you opt in to Gravatar in your profile settings, your email address is hashed and sent to Gravatar to load a profile avatar. See Automattic's privacy policy.
Data storage and residency
Your personal data is stored on servers located in London, United Kingdom (AWS eu-west-2, Availability Zone A). Your data does not leave the UK except where transferred to sub-processors as described in the Data sharing section above.
Data retention
Your account data is retained for as long as you have an active account. You can delete your account at any time from your Profile settings, which will permanently remove your personal data and content from our systems.
Billing records (invoices and transaction history) are retained for seven years to comply with financial record-keeping obligations, even after account deletion. This data is held by Stripe and is subject to their retention policy.
Your rights (GDPR)
If you are in the EU or UK, you have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you.
- Rectification: correct inaccurate or incomplete data. You can do this directly in your Profile settings.
- Erasure: request deletion of your data. You can delete your account in Profile settings, or contact us.
- Portability: download a copy of your data in a structured, machine-readable format. You can do this at any time from your Profile settings using the "Export my data" button.
- Objection: object to processing based on legitimate interests.
- Restriction: request we restrict processing in certain circumstances.
To exercise any of these rights, contact us at hello@stomplab.net. We will respond within 30 days.
Account security
You can enable two-factor authentication (2FA) on your account from your Profile settings. When enabled, you will be asked for a time-based one-time code in addition to your password each time you sign in. We store a hashed copy of your 2FA secret to verify codes; it is never shared with third parties.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on the site. The "Last updated" date at the top reflects the most recent revision.
Contact
For any privacy-related questions or requests, contact us at hello@stomplab.net.